/src/nestegg/test/fuzz.cc

Source (jump to first uncovered line)
/*
 * Copyright © 2018 Mozilla Foundation
 *
 * This program is made available under an ISC-style license.  See the
 * accompanying file LICENSE for details.
 */
#include <assert.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "nestegg/nestegg.h"

/* fuzz.cc is meant to be used with LibFuzzer
 * (https://llvm.org/docs/LibFuzzer.html)
 *
 * To build:
 * clang -g -O1 -fsanitize=fuzzer -I./include src/nestegg.c test/fuzz.cc -o fuzz
 *
 * NOTE: At the moment there are large chunks of code that have been copied
 *       from regress.c
 */

/* Three functions that implement the nestegg_io interface, operating on a
   io_buffer. */
struct io_buffer {
  unsigned char const * buffer;
  size_t length;
  int64_t offset;
};

static int
ne_buffer_read(void * buffer, size_t length, void * userdata)
{
  struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
  size_t available = iob->length - iob->offset;

  if (available == 0)
    return 0;

  if (available < length)
    return -1;

  memcpy(buffer, iob->buffer + iob->offset, length);
  iob->offset += length;

  return 1;
}

static int
ne_buffer_seek(int64_t offset, int whence, void * userdata)
{
  struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
  int64_t o = iob->offset;

  switch(whence) {
  case NESTEGG_SEEK_SET:
    o = offset;
    break;
  case NESTEGG_SEEK_CUR:
    o += offset;
    break;
  case NESTEGG_SEEK_END:
    o = iob->length + offset;
    break;
  }

  if (o < 0 || o > (int64_t) iob->length)
    return -1;

  iob->offset = o;
  return 0;
}

static int64_t
ne_buffer_tell(void * userdata)
{
  struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
  return iob->offset;
}


extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
  int r, type, id, track_encoding, pkt_keyframe, pkt_encryption, cues;
  int64_t read_limit = -1;
  nestegg * ctx;
  nestegg_audio_params aparams;
  nestegg_packet * pkt;
  nestegg_video_params vparams;
  size_t length;
  uint64_t duration = ~0, pkt_tstamp, pkt_duration, tstamp_scale, default_duration;
  int64_t pkt_discard_padding, pkt_reference_block;
  unsigned char * codec_data, * ptr, * pkt_additional;
  unsigned char const * track_content_enc_key_id, * pkt_encryption_iv;
  unsigned int i, j, tracks = 0, pkt_cnt, pkt_track;
  unsigned int data_items = 0;
  uint8_t pkt_num_offsets;
  uint32_t const * pkt_partition_offsets;

  nestegg_io io;
  struct io_buffer userdata;
  userdata.buffer = data;
  userdata.length = size;
  userdata.offset = 0;

  io.read = ne_buffer_read;
  io.seek = ne_buffer_seek;
  io.tell = ne_buffer_tell;
  io.userdata = &userdata;

  ctx = NULL;
  r = nestegg_init(&ctx, io, NULL, read_limit);
  if (r != 0)
    return 0;

  nestegg_track_count(ctx, &tracks);
  nestegg_duration(ctx, &duration);
  nestegg_tstamp_scale(ctx, &tstamp_scale);
  cues = nestegg_has_cues(ctx);

  for (i = 0; i < tracks; ++i) {
    type = nestegg_track_type(ctx, i);
    id = nestegg_track_codec_id(ctx, i);
    nestegg_track_codec_data_count(ctx, i, &data_items);
    track_encoding = nestegg_track_encoding(ctx, i);
    r = nestegg_track_default_duration(ctx, i, &default_duration);
    if (track_encoding == NESTEGG_ENCODING_ENCRYPTION) {
      nestegg_track_content_enc_key_id(ctx, i, &track_content_enc_key_id, &length);
    }
    for (j = 0; j < data_items; ++j) {
      nestegg_track_codec_data(ctx, i, j, &codec_data, &length);
    }
    switch (type) {
    case NESTEGG_TRACK_VIDEO:
      nestegg_track_video_params(ctx, i, &vparams);
      break;
    case NESTEGG_TRACK_AUDIO:
      nestegg_track_audio_params(ctx, i, &aparams);
      break;
    //case NESTEGG_TRACK_UNKNOWN:
    //  break;
    default:
      break;
    }
  }

  for (;;) {
    pkt = NULL;
    r = nestegg_read_packet(ctx, &pkt);
    if (r <= 0) {
      assert(pkt == NULL);
      break;
    }
    nestegg_packet_track(pkt, &pkt_track);
    pkt_keyframe = nestegg_packet_has_keyframe(pkt);
    nestegg_packet_count(pkt, &pkt_cnt);
    nestegg_packet_tstamp(pkt, &pkt_tstamp);
    pkt_duration = 0;
    nestegg_packet_duration(pkt, &pkt_duration);
    pkt_discard_padding = 0;
    nestegg_packet_discard_padding(pkt, &pkt_discard_padding);
    pkt_reference_block = 0;
    nestegg_packet_reference_block(pkt, &pkt_reference_block);
    pkt_additional = NULL;
    nestegg_packet_additional_data(pkt, 1, &pkt_additional, &length);
    pkt_encryption = nestegg_packet_encryption(pkt);
    if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_ENCRYPTED ||
        pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
      nestegg_packet_iv(pkt, &pkt_encryption_iv, &length);
    }
    if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
      nestegg_packet_offsets(pkt, &pkt_partition_offsets, &pkt_num_offsets);
    }
    for (i = 0; i < pkt_cnt; ++i) {
      nestegg_packet_data(pkt, i, &ptr, &length);
    }
    nestegg_free_packet(pkt);
  }

  nestegg_destroy(ctx);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright © 2018 Mozilla Foundation
3		*
4		* This program is made available under an ISC-style license. See the
5		* accompanying file LICENSE for details.
6		*/
7		#include <assert.h>
8		#include <stdarg.h>
9		#include <stdio.h>
10		#include <stdlib.h>
11		#include <stdint.h>
12		#include <string.h>
13		#include "nestegg/nestegg.h"
14
15		/* fuzz.cc is meant to be used with LibFuzzer
16		* (https://llvm.org/docs/LibFuzzer.html)
17		*
18		* To build:
19		* clang -g -O1 -fsanitize=fuzzer -I./include src/nestegg.c test/fuzz.cc -o fuzz
20		*
21		* NOTE: At the moment there are large chunks of code that have been copied
22		* from regress.c
23		*/
24
25		/* Three functions that implement the nestegg_io interface, operating on a
26		io_buffer. */
27		struct io_buffer {
28		unsigned char const * buffer;
29		size_t length;
30		int64_t offset;
31		};
32
33		static int
34		ne_buffer_read(void * buffer, size_t length, void * userdata)
35	2.64M	{
36	2.64M	struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
37	2.64M	size_t available = iob->length - iob->offset;
38
39	2.64M	if (available == 0)
40	5.04k	return 0;
41
42	2.64M	if (available < length)
43	186	return -1;
44
45	2.64M	memcpy(buffer, iob->buffer + iob->offset, length);
46	2.64M	iob->offset += length;
47
48	2.64M	return 1;
49	2.64M	}
50
51		static int
52		ne_buffer_seek(int64_t offset, int whence, void * userdata)
53	0	{
54	0	struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
55	0	int64_t o = iob->offset;
56
57	0	switch(whence) {
58	0	case NESTEGG_SEEK_SET:
59	0	o = offset;
60	0	break;
61	0	case NESTEGG_SEEK_CUR:
62	0	o += offset;
63	0	break;
64	0	case NESTEGG_SEEK_END:
65	0	o = iob->length + offset;
66	0	break;
67	0	}
68
69	0	if (o < 0 \|\| o > (int64_t) iob->length)
70	0	return -1;
71
72	0	iob->offset = o;
73	0	return 0;
74	0	}
75
76		static int64_t
77		ne_buffer_tell(void * userdata)
78	77.2k	{
79	77.2k	struct io_buffer * iob = reinterpret_cast<struct io_buffer *>(userdata);
80	77.2k	return iob->offset;
81	77.2k	}
82
83
84		extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
85	6.64k	{
86	6.64k	int r, type, id, track_encoding, pkt_keyframe, pkt_encryption, cues;
87	6.64k	int64_t read_limit = -1;
88	6.64k	nestegg * ctx;
89	6.64k	nestegg_audio_params aparams;
90	6.64k	nestegg_packet * pkt;
91	6.64k	nestegg_video_params vparams;
92	6.64k	size_t length;
93	6.64k	uint64_t duration = ~0, pkt_tstamp, pkt_duration, tstamp_scale, default_duration;
94	6.64k	int64_t pkt_discard_padding, pkt_reference_block;
95	6.64k	unsigned char * codec_data, * ptr, * pkt_additional;
96	6.64k	unsigned char const * track_content_enc_key_id, * pkt_encryption_iv;
97	6.64k	unsigned int i, j, tracks = 0, pkt_cnt, pkt_track;
98	6.64k	unsigned int data_items = 0;
99	6.64k	uint8_t pkt_num_offsets;
100	6.64k	uint32_t const * pkt_partition_offsets;
101
102	6.64k	nestegg_io io;
103	6.64k	struct io_buffer userdata;
104	6.64k	userdata.buffer = data;
105	6.64k	userdata.length = size;
106	6.64k	userdata.offset = 0;
107
108	6.64k	io.read = ne_buffer_read;
109	6.64k	io.seek = ne_buffer_seek;
110	6.64k	io.tell = ne_buffer_tell;
111	6.64k	io.userdata = &userdata;
112
113	6.64k	ctx = NULL;
114	6.64k	r = nestegg_init(&ctx, io, NULL, read_limit);
115	6.64k	if (r != 0)
116	1.28k	return 0;
117
118	5.36k	nestegg_track_count(ctx, &tracks);
119	5.36k	nestegg_duration(ctx, &duration);
120	5.36k	nestegg_tstamp_scale(ctx, &tstamp_scale);
121	5.36k	cues = nestegg_has_cues(ctx);
122
123	108k	for (i = 0; i < tracks; ++i) {
124	103k	type = nestegg_track_type(ctx, i);
125	103k	id = nestegg_track_codec_id(ctx, i);
126	103k	nestegg_track_codec_data_count(ctx, i, &data_items);
127	103k	track_encoding = nestegg_track_encoding(ctx, i);
128	103k	r = nestegg_track_default_duration(ctx, i, &default_duration);
129	103k	if (track_encoding == NESTEGG_ENCODING_ENCRYPTION) {
130	1.72k	nestegg_track_content_enc_key_id(ctx, i, &track_content_enc_key_id, &length);
131	1.72k	}
132	138k	for (j = 0; j < data_items; ++j) {
133	35.2k	nestegg_track_codec_data(ctx, i, j, &codec_data, &length);
134	35.2k	}
135	103k	switch (type) {
136	21.0k	case NESTEGG_TRACK_VIDEO:
137	21.0k	nestegg_track_video_params(ctx, i, &vparams);
138	21.0k	break;
139	1.71k	case NESTEGG_TRACK_AUDIO:
140	1.71k	nestegg_track_audio_params(ctx, i, &aparams);
141	1.71k	break;
142		//case NESTEGG_TRACK_UNKNOWN:
143		// break;
144	80.3k	default:
145	80.3k	break;
146	103k	}
147	103k	}
148
149	12.4k	for (;;) {
150	12.4k	pkt = NULL;
151	12.4k	r = nestegg_read_packet(ctx, &pkt);
152	12.4k	if (r <= 0) {
153	5.36k	assert(pkt == NULL);
154	5.36k	break;
155	5.36k	}
156	7.09k	nestegg_packet_track(pkt, &pkt_track);
157	7.09k	pkt_keyframe = nestegg_packet_has_keyframe(pkt);
158	7.09k	nestegg_packet_count(pkt, &pkt_cnt);
159	7.09k	nestegg_packet_tstamp(pkt, &pkt_tstamp);
160	7.09k	pkt_duration = 0;
161	7.09k	nestegg_packet_duration(pkt, &pkt_duration);
162	7.09k	pkt_discard_padding = 0;
163	7.09k	nestegg_packet_discard_padding(pkt, &pkt_discard_padding);
164	7.09k	pkt_reference_block = 0;
165	7.09k	nestegg_packet_reference_block(pkt, &pkt_reference_block);
166	7.09k	pkt_additional = NULL;
167	7.09k	nestegg_packet_additional_data(pkt, 1, &pkt_additional, &length);
168	7.09k	pkt_encryption = nestegg_packet_encryption(pkt);
169	7.09k	if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_ENCRYPTED \|\|
170	7.09k	pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
171	767	nestegg_packet_iv(pkt, &pkt_encryption_iv, &length);
172	767	}
173	7.09k	if (pkt_encryption == NESTEGG_PACKET_HAS_SIGNAL_BYTE_PARTITIONED) {
174	515	nestegg_packet_offsets(pkt, &pkt_partition_offsets, &pkt_num_offsets);
175	515	}
176	47.9k	for (i = 0; i < pkt_cnt; ++i) {
177	40.8k	nestegg_packet_data(pkt, i, &ptr, &length);
178	40.8k	}
179	7.09k	nestegg_free_packet(pkt);
180	7.09k	}
181
182	5.36k	nestegg_destroy(ctx);
183	5.36k	return 0;
184	5.36k	}

Coverage Report

Created: 2025-06-22 06:51